Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations
Tao Li, Quanyan Zhu
TL;DR
The paper argues that foundation-model–driven AI enables autonomous agents that can sense, reason, act, and adapt at scale, making prevention-centric cybersecurity brittle in the face of adaptive threats. It proposes an AI-augmented paradigm and a system-theoretic framework for agentic cyber resilience, integrating memory, reasoning, tools, human oversight, and embodied environments into closed-loop workflows. Leveraging game-theoretic reasoning, Stackelberg and Gestalt formulations, and case studies in pentesting, detection, and deception, the work demonstrates how equilibrium-based designs can sustain security and mission continuity under persistent adversarial pressure. The synthesis highlights cyber–physical convergence, governance and assurance challenges, and the essential role of human–AI collaboration in building resilient, scalable security architectures for AI-enabled futures.
Abstract
Cybersecurity is being fundamentally reshaped by foundation-model-based artificial intelligence. Large language models now enable autonomous planning, tool orchestration, and strategic adaptation at scale, challenging security architectures built on static rules, perimeter defenses, and human-centered workflows. This chapter argues for a shift from prevention-centric security toward agentic cyber resilience. Rather than seeking perfect protection, resilient systems must anticipate disruption, maintain critical functions under attack, recover efficiently, and learn continuously. We situate this shift within the historical evolution of cybersecurity paradigms, culminating in an AI-augmented paradigm where autonomous agents participate directly in sensing, reasoning, action, and adaptation across cyber and cyber-physical systems. We then develop a system-level framework for designing agentic AI workflows. A general agentic architecture is introduced, and attacker and defender workflows are analyzed as coupled adaptive processes, and game-theoretic formulations are shown to provide a unifying design language for autonomy allocation, information flow, and temporal composition. Case studies in automated penetration testing, remediation, and cyber deception illustrate how equilibrium-based design enables system-level resiliency design.
